1.1304.0 (2026-04-09)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Features
- aibom: Introduces the snyk aibom test command. (2978044)
- test, monitor, sbom: Introduce --maven-skip-wrapper flag to force the use of a globally installed mvn command. (0ee90ca, ff31066)
- general: Introduce explicit configuration for network retry max-attempts. (1fbdf38)
- container: Add deprecation warnings for -shaded-jars-depth and non-numeric values for --nested-jars-depth. (321b6f5)
- container: Extend support for java runtime binary scanning (b60473a)
- mcp: Improves auto-enable behavior for Snyk Code, promotes package health checks to stable. (5f5898f)
- redteam: Adds a vulnerability summary to scanned output. (52eaf5a)
- redteam: Add --json flag support for list commands, exhaustive and eager modes. (e962c4d)
Bug Fixes
- general: Fix printing JSON output on stdout when only --json-file-output is specified. (32f65f0)
- test: Fixes an issue where no files were uploaded when using --skip-unresolved. (71ca761)
- test: Prevents scan failures when Maven builds succeed with non-fatal errors. (b30db97)
- test: Fixes Go PackageURL generation and import path normalization for projects using replace directives. (7c7a366, ee7d72b)
- test: Improves SDK detection when host and SDK versions differ. (96d0817)
- test: Ensures project names are populated when scanning NuGet projects from repository root. (c043553)
- container: Snyk Container scans of tar files on Windows should now report vulnerabilities for Python application package files. (9b86790)
- container: Override packages with inaccurate pom.properties files (b60473a)
- test: Ensure Yarn workspace pacakges matches are actual members defined in the root package.json. (0dd6581)
- test: Fix increased scan times when testing Golang projects. (f2f5ba2)
- code: Snyk Code scans now return clearer error message and exit codes when testing unsupported projects (6f5b4e3)
- test: Fix a bug where aliased packages were being resolved with the target name insted of the alias for yarn projects. (dcbec6f)
- test: Fix a bug where Python packages with . characters in their name were incorrectly parsed to include - characters. (9a2a36e)
- deps: Updates dependencies to fix vulnerabilities:
- CVE-2026-26996 (8e7873f)
- CVE-2026-29786 (1a08533)
- CVE-2026-31802 (1321575)
- CVE-2025-69873 (8ff6aad)
- CVE-2026-33186 (e98d9ef)
- CVE-2026-32283 (d26e83f)
- CVE-2026-29181 (f5418b6)
